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verifying said binding u^mg a cryptographic verification key associated with a 
trusted party performing said binding; and 

using said^hiancial account datum to authorize a transaction order digitally 
signed tfy said user with a private key corresponding to said public key. 

method of claim 2 where said digital certificate constitutes said binding. 



The method of claim 2 where said binding is embedded in said digital certificate. 



5. The method of claim 2 where said financial account datum includes a credit card number. 




The method of claim 2 where 



7. The method of claim 2 where 



said financial account datum includes a debit card number. 



aid financial account datum includes a PIN. 



8. The method of claim 2 where sjaid financial account datum includes a card verification 
value 2. 



9. The method of claim 2 where 
information. 

10. The method of claim 2 where 
between said trusted party and 



1 1 . The method of claim 2 where 
corresponding to said 



aid financial account datum includes checking account 

I 

said binding is performed with a symmetric key shared 
a party performing said verification step. 



s aid binding is performed with an asymmetric key 
cryptographic verification key. 



12. The method of claim 2 where qaid binding is performed by an issuer of said digital 
certificate. 
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The method of claim 2 where said binding is perform by an issuer of said financial 
accounting datum. 

The metho^efclaim 2 where said digital certificate is protected with an access code 
knowrfto said user. 



(c) 



method for providing electronic payment capabilities^) a user in a networked 
computer environment, comprising the steps of: 

(a) obtaining a financial account datum as&e^iated with said user; 

(b) obtaining a public key associated with said user; 
obtaining a cryptographically assured binding of said public key to at least a 
portion of said financial account datum, 

(i) said binding bemg conveyed in a digital certificate for said user, 

(ii) said digital certificate being usable by said user to conduct an electronic 
transactkm involving said financial account datum; and 

transmitting^aid digital certificate to said user, enabling said user to conduct said 
electronic ;ransaction involving (i) a merchant from whom at least a portion of 
said financial account datum is kept confidential, and (ii) a transaction processor 
capable of verifying said binding using a cryptographic verificatiojjJcey 
sociated with a trusted party performing said binding. 



ethod of claim 1 5 where said digital certificate constitutes said binding. 



The method of claim 15 where said binding is^mbedded in said digital certificate. 



(d) 



The method of claim 15 where saicl^fnancial account datum includes a credit card 
number. 

The method of claiga^S where said financial account datum includes a debit card 
number. 
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20. The method of claim 15 where said financial account datum includes a/PIN. 

21. The method of claim 15 where said financial account datum inclyues a card verification 
value 2. 

22. The method of claim 15 where said financial account dat/m includes checking account 
information. 

23. The method of claim 15 where said binding is performed with a symmetric key shared 
between said trusted party and said transaction processor. 

24. The method of claim 15 where said binding/s performed with an asymmetric key 
corresponding to said cryptographic verification key. 

25. The method of claim 15 where said finding is performed by an issuer of said digital 
certificate. 

26. The method of claim 15 wher/said binding is performed by an issuer of said financial 
account information. 

27. The method of claim 1 ^further comprising the step, after step (a), of verifying said 
financial account dattfm. 

28. The method of claim 15 where said digital certificate is protected with an access code 
known to saidoiser. 



29. The metMod of claim 15 where said digital certificate is stored at a credential server 
accessible to said user. 

^) 357 An apparatus for authorizing an electronic purchase in a networked computer 



environment, comprising: 
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(a) 
(b) 

(c) 





a computer processor; 
a memory connected to said processor storing a program to control the operation 
of said processor 

the processor opelrable with said program in said memory to: 

(i) receive, from a merchant, a transaction authorization request, said request 
including a (digital certificate passed through said merchant from a user 
involved in said transaction, 

(1) said digital certificate including financial account datum associated 
with said user, at least a portion of which datum is confidential 
from sa^d merchant, 

(2) said digital certificate conveying a binding between at least a 
portion olf said financial account datum and a public key of said 
user; 

(ii) verify said bindini using a cryptographic verification key associated with 
a trusted party performing said binding; and 

(iii) use said financial account datum to authorize a transaction order digitally 
signed by said user with a private key corresponding to said public key. 



Th©4pparatus of claim 30 where said financial account datum includes a PIN. 



The apparatus of claim 30 where said fip^uicial account datum includes a card 
verification value 2. 



33. The apparatus of claim 3j^where said binding is performed with an asymmetric key 
corresponding to said^ryptographic verification key. 




An apparatus for providing electronic^iyment capabilities to a user in a networked 
computer environment, comprisj 

(a) a processor; 

(b) a memory connected to said processor storing a program to control the operation 
of said processor; 
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(c) the processor operable with said program in said menrory to: 



V 



(i) 
(ii) 

(hi) 




obtain a financial account datum regarding^said user, 
obtain a public key associated with saicniser, 

obtain a cryptographically assured binding of said public key to at least a 
portion of said financial account/aatum, 

(1) said binding being cojaveyed in a digital certificate for said user, 

(2) said digital certificate being usable by said user to conduct an 
electronic transaction involving said financial account datum, and 

transmit said digiUrf certificate to said user, enabling said user to conduct 
said electronic^ransaction involving (1) a merchant from whom at least a 
portion ofsmd financial account datum is kept confidential, and (2) a 
transaction processor capable of verifying said binding using a 
cryprographic verification key associated with a trusted party performing 
iid binding. 



The apparatus of claim 34 where said financial account datum includes a PIN. 



(iv) 



The apparatus of claim 34 where said fina 
value 2. 



5ial account datum includes a card verification 



37. The apparatus of claim 3^where said binding is performed with an asymmetric key 
corresponding to sajcfcryptographic verification key. 




A computgj^readable storage medium encoded^ath processing instructions for 
implementing a method for authorizing amelectronic purchase in a networked computer 
environment, said processing instructions for directing a computer to perform the steps 
of: X 

(a) receiving, from a m^chant, a transaction authorization request, said request 

including a digitafcertificate passed through said merchant from a user involved 
in said transaction, 
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(i) said digital certificate including a^inancial account datum associated with 
said user, at least a portion pf'which datum is confidential from said 
merchant, 

(ii) said digital certificate conveying a binding between at least a portion of 
said financi^account datum and a public key of said user; 

verifying saicLbmding using a cryptographic verification key associated with a 
trusted party performing said binding; and 

using^aid financial account datum to authorize a transaction order digitally 
ed by said user with a private key corresponding to said public key. 




e compjafer-readable medium of claim 38 wherp^aid financial account datum includes 




40/ The computer-readable medium pfxlaim 38 where said financial account datum includes 
a card verification value 2. 



The computer-readable medium of claim 38 where said binding is performed with an 
asymmetric kp/corresponding to said cryptographic verification key. 




A computer-readable storage medium encoded with processing instructions for 
implementing a method for providing electronic payment capabilities to a user in a 
networked computer environment, said processing^instructions for directing a computer 
to perform the steps of: 

(a) obtaining a financial account datum^egarding said user; 

(b) obtaining a public key associated/jvith said user; 

(c) obtaining a cryptographically^assured binding of said public key to at least a 
portion of said financial account datum, 

(i) said binding bejng conveyed in a digital certificate for said user, 

(ii) said digital certificate being usable by said user to conduct an electronic 
transactio^nvolving said financial account datum; and 
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transmitting said digital certificate to said user, enabling said user to conduct said 
electronic transactiprfinvolving (i) a merchant from whom at least a portion of 
said financiaj^ccount datum is kept confidential, and (ii) a transaction processor 
capabl^dr verifying said binding using a cryptographic verification key 
associated with a trusted party performing the said binding. 

he computer-readable medium of claim 42 where said fija^ficial account datum includes 
a PI 

The computer-readable medium of cljprff 42 where said financial account datum includes 
a card verification value 2. 

The computer-readabre medium of claim 42 where said binding is performed with an 
asymmetric key^orresponding to said cryptographic verification key. 



ital certificate for use in an electronic payment transaction in a networked computer 
nvironment, comprising: 

(a) a financial account datum associated with a u^er, at least a portion of which datum 
is confidential from a merchant involvecHn said payment transaction; 

(b) a cryptographically assured binding/$i a public key associated with said user to at 
least a portion of said financial aexount datum, said binding having been 
generated with a cryptographic verification key associated with a trusted party 
performing said bindingy 

(c) said digital certificate/configured for use by a transaction processor to: 

(i) verify said/fcinding using a cryptographic verification key associated with 
said trusted party, and 

(ii) access said financial account datum to authorize a transaction order 
fgitally signed with said user's private key corresponding to said public 

key. 



47. The digital certificate of claim 46 where said digital certificate constitutes said binding. 
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48. The digital certificate of claim 46 where said binding is embedded in said digital 
certificate. / 

49. The digital certificate of claim 46 where said financial account datum includes a credit 
card number. / 

50. The digital certificate of claim 46 where said financial account datum includes a debit 
card number. / 

51. The digital certificate of claim 46 where said financial account datum includes a PIN. 

52. The digital certificate of claim 46 where said financial account datum includes a card 
verification value 2. / 

53. The digital certificate of claim 46 where said financial account datum includes checking 
^ account information. / 

54. The digital certificate of claina 46 where said binding is performed with a symmetric key 
shared between said trusteci party and said transaction processor. 

55. The digital certificat^of claim 46 where said binding is performed with an asymmetric 
key corresponding/to said cryptographic verification key. 

56. The digital certificate of claim 46 where said binding is performed by an issuer of said 
digital certificate. 

57. The digital certificate of claim 46 where said binding is performed by an issuer of said 
financial account datum. 
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